Installing and Configuring the Apache HTTP Server Plug-In

e-docs > WebLogic Server > Using Web Server Plug-Ins WithWebLogic Server > Installing and Configuring the Apache HTTP Server Plug-In

Using Web Server Plug-Ins WithWebLogic Server

Installing and Configuring the Apache HTTP Server Plug-In

The following sections describe how to install and configure the Apache HTTP Server Plug-In:

Overview of the Apache HTTP Server Plug-In

The Apache HTTP Server Plug-In allows requests to be proxied from an Apache HTTP Server to WebLogic Server. The plug-in enhances an Apache installation by allowing WebLogic Server to handle those requests that require the dynamic functionality of WebLogic Server.

The plug-in is intended for use in an environment where an Apache Server serves static pages, and another part of the document tree (dynamic pages best generated by HTTP Servlets or JavaServer Pages) is delegated to WebLogic Server, which may be operating in a different process, possibly on a different host. To the end user—the browser—the HTTP requests delegated to WebLogic Server still appear to be coming from the same source.

HTTP-tunneling, a technique which allows HTTP requests and responses access through a company's firewall, can also operate through the plug-in, providing non-browser clients access to WebLogic Server services.

The Apache HTTP Server Plug-In operates as an Apache module within an Apache HTTP Server. An Apache module is loaded by Apache Server at startup, and then certain HTTP requests are delegated to it. Apache modules are similar to HTTP servlets, except that an Apache module is written in code native to the platform.

Keep-Alive Connections in Apache Version 1.3.x

Version 1.3.x of the Apache HTTP Server Plug-In creates a socket for each request and closes the socket after reading the response. Because Apache HTTP Server is multiprocessed, connection pooling and keep-alive connections between WebLogic Server and the Apache HTTP Server Plug-In cannot be supported.

Keep-Alive Connections in Apache Version 2.0

Version 2.0 of the Apache HTTP Server Plug-In improves performance by using a reusable pool of connections from the plug-in to WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections between the plug-in and WebLogic Server by reusing the same connection in the pool for subsequent requests from the same client. If the connection is inactive for more than 30 seconds, (or a user-defined amount of time) the connection is closed and returned to the pool. You can disable this feature if desired. For more information, see "KeepAliveEnabled".

Proxying Requests

The plug-in proxies requests to WebLogic Server based on a configuration that you specify. You can proxy requests based on the URL of the request (or a portion of the URL). This is called proxying by path. You can alsoproxy requests based on the MIME type of the requested file. Or you can use a combination of both methods. If a request matches both criteria, the request is proxied by path. You can also specify additional parameters for each type of request that define additional behavior of the plug-in. For more information, see Configuring the Apache HTTP Server Plug-In.

Certifications

The Apache HTTP Server Plug-In is supported on Linux, Solaris, and HPUX11 platforms. For information on support for specific versions of Apache, see the BEA WebLogic Server Certifications Page at http://download.oracle.com/docs/cd/E13222_01/wls/platforms/index.html#apach.

Installing the Apache HTTP Server Plug-In

You install the Apache HTTP Server Plug-In as an Apache module in your Apache HTTP Server installation. The module is installed either as a Dynamic Shared Object (DSO) or as a statically linked module. (Installation as a statically linked module is only available for Apache version 1.3.x). There are separate instructions in this section for DSO and statically linked module installation.

Installing the Apache HTTP Server Plug-In as a Dynamic Shared Object

To install the Apache HTTP Server Plug-In as a dynamic shared object:

Locate the shared object file for your platform.

The Apache plug-in is distributed as a shared object (.so) for use on Solaris, Linux, and HPUX11 platforms. Each shared object file is distributed as a separate version, depending on the platform, whether or not SSL is to be used between the client and Apache, and the encryption strength for SSL (regular or 128 bit— 128 bit versions are only installed if you install the 128 bit version of WebLogic Server). The shared object files are located in the following directories of your WebLogic Server installation:

Solaris

WL_HOME/Server/lib/solaris

Linux

WL_HOME/Server/lib/linux

HPUX11

WL_HOME/Server/lib/hpux11

Windows (Apache 2.0 only)

WL_HOME\Server\bin\apache

where WL_HOME is the top-level installation directory for the WebLogic platform and the Server directory contains WebLogic Server installation files.

The Plug-In for Apache 2.0.39 is not in the distribution, but can be found at http://dev2dev.bea.com/managed_content/direct/apache2.0/apache2.0.zip.

Choose the appropriate shared object from the following table:
Apache Version
Regular Strength Encryption
128-bit
Encryption

Standard Apache Version 1.x

mod_wl.so

mod_wl128.so

Apache w/ SSL/EAPI
Version 1.x

(Stronghold,
modssl etc.)

mod_wl_ssl.so

mod_wl128_ssl.so

Apache + Raven
Version 1.x

Required because Raven applies frontpage patches that makes the plug-in incompatible with the standard shared object

mod_wl_ssl_raven.so

mod_wl128_ssl_raven.so

Standard Apache Version 2.x

mod_wl_20.so

mod_wl28_20.so

Enable the shared object.
The Apache HTTP Server Plug-In will be installed in your Apache HTTP Server installation as an Apache Dynamic Shared Object (DSO). DSO support in Apache is based on a module named mod_so.c that must be enabled before mod_wl.so is loaded. If you installed Apache using the supplied script, mod_so.c should already be enabled. To verify that mod_so.c is enabled, execute one of the following commands:
```
For Apache 1.x, APACHE_HOME\bin\httpd -l
```
```
For Apache 2.x, APACHE_HOME\bin\Apache -l
```
(Where APACHE_HOME is the directory containing your Apache HTTP Server installation.)

This command lists all of the enabled modules. If mod_so.c is not listed, build your Apache HTTP Server from the source code, making sure that the following options are configured:

...
--enable-module=so
--enable-rule=SHARED_CORE
...
Install the Apache HTTP Server Plug-In in the Apache 1.x server with a support program called apxs (APache eXtenSion) that builds DSO-based modules outside of the Apache source tree, and adds the following line to the httpd.conf file:
```
AddModule mod_so.c 
```
For Apache 2.x, copy the mod_wl_20.so file to the APACHE_HOME\modules directory rather than running apxs. For more information, see the Apache HTTP Server Version 2.0 documentation.
For Apache 1.x, in your WebLogic 1.x Server installation, use a command shell to navigate to the directory that contains the shared object for your platform and activate the weblogic_module by issuing this command (note that you must have Perl installed to run this Perl script):
```
perl APACHE_HOME\bin\apxs -i -a -n weblogic mod_wl.so
```
This command copies the mod_wl.so file to the APACHE_HOME\libexec directory. It also adds two lines of instructions for weblogic_module to the httpd.conf file and activates the module. Make sure that the following lines were added to your APACHE_HOME/conf/httpd.conf file in your Apache 1.x server installation:
```
LoadModule weblogic_module         libexec/mod_wl.so
AddModule mod_weblogic.c
```
For Apache 2.x, add the following line to your APACHE_HOME/conf/httpd.conf file manually:
```
LoadModule weblogic_module     modules/mod_wl_20.so
```
Configure any additional parameters in the Apache httpd.conf configuration file as described in the section Configuring the Apache HTTP Server Plug-In. The httpd.conf file allows you to customize the behavior of the Apache HTTP Server Plug-In.
Verify the syntax of the APACHE_HOME\conf\httpd.conf file with one of the following commands:
```
For Apache 1.x, APACHE_HOME\bin\apachect1 configtest
```
```
For Apache 2.x, APACHE_HOME\bin\Apache -t 
```
The output of this command indicates any errors in your httpd.conf file.
Restart Weblogic Server.
Start (or restart if you have changed the configuration) Apache HTTP Server.
Test the Apache plug-in by opening a browser and setting the URL to the Apache Server + "/weblogic/", which should bring up the default WebLogic Server HTML page, welcome file, or default servlet, as defined for the default Web Application on WebLogic Server. For example:
```
http://myApacheserver.com/weblogic/
```

Apache Version	Regular Strength Encryption	128-bit Encryption
Standard Apache Version 1.x	mod_wl.so	mod_wl128.so
Apache w/ SSL/EAPI Version 1.x (Stronghold, modssl etc.)	mod_wl_ssl.so	mod_wl128_ssl.so
Apache + Raven Version 1.x Required because Raven applies frontpage patches that makes the plug-in incompatible with the standard shared object	mod_wl_ssl_raven.so	mod_wl128_ssl_raven.so
Standard Apache Version 2.x	mod_wl_20.so	mod_wl28_20.so

Installing the Apache HTTP Server Plug-In as a Statically Linked Module

To install the Apache HTTP Server Plug-In as a statically linked module:

Locate the linked library file for your platform.

Each library file is distributed as a separate version, depending on the platform and the encryption strength for SSL (regular or 128-bit—128-bit versions are only installed if you install the 128-bit version of WebLogic Server). The library files are located in the following directories of your WebLogic Server installation:

Solaris

WL_HOME/Server/lib/solaris

Linux

WL_HOME/Server/lib/linux

HPUX11

WL_HOME/Server/lib/hpux11

Choose the appropriate shared object from the following table.
Apache Version
Regular Strength Encryption
128-bit
Encryption

Standard Apache Version 1.3.x

libweblogic.a

libweblogic128.a

Unpack the Apache Plug-In distribution using the following command:
```
tar -xvf apache_1.3.x.tar
```
Within the unpacked distribution switch to the src/modules directory.
Create a directory called weblogic.
Copy Makefile.libdir, Makefile.tmpl from the lib directory of your WebLogic Server installation to src\modules\weblogic.
Copy libweblogic.a (use libweblogic128.a instead, if you are using 128 bit security.) from the same directory containing the linked library file (see step 1. ) to src\modules\weblogic.
If you are using regular strength encryption, execute the following command from the Apache 1.3 home directory:
```
configure --activate-module=src\modules\weblogic\libweblogic.a
```
If you are using 128 bit encryption, execute the following command (on a single line) from the Apache 1.3 home directory:
```
configure--activate-module=
 src\modules\weblogic\libweblogic128.a
```
Execute the following command:
```
make
```
Execute the following command:
```
make install
```
Follow steps 4 through 8, inInstalling the Apache HTTP Server Plug-In as a Dynamic Shared Object

Apache Version	Regular Strength Encryption	128-bit Encryption
Standard Apache Version 1.3.x	libweblogic.a	libweblogic128.a

Configuring the Apache HTTP Server Plug-In

After you install the plug-in in the Apache HTTP server, edit the httpd.conf file to configure the Apache plug-in. Editing the httpd.conf file informs the Apache Web server that it should load the native library for the plug-in as an Apache module and also describes which requests should be handled by the module.

Editing the httpd.conf File

Edit the httpd.conf file in your Apache HTTP server installation to configure the Apache HTTP Server Plug-In:

Open the httpd.conf file. The file is located at APACHE_HOME\conf\httpd.conf (where APACHE_HOME is the root directory of your Apache HTTP server installation).
For Apache 1.x, verify that the following two lines were added to the httpd.conf file when you ran the apxs utility:
```
LoadModule weblogic_module    libexec\mod_wl.so
AddModule mod_weblogic.c
```
For Apache 2.x, add the following line to the httpd.conf file:
```
LoadModule weblogic_module   modules\mod_wl_20.so
```
Add an IfModule block that defines one of the following:
For a non-clustered WebLogic Server:

The WebLogicHost and WebLogicPort parameters.

For a cluster of WebLogic Servers:

The WebLogicCluster parameter.
For example:
```
<IfModule mod_weblogic.c>
  WebLogicHost myweblogic.server.com
  WebLogicPort 7001
</IfModule>
```
If you want to proxy requests by MIME type, also add a MatchExpression line to the IfModule block. (You can proxy requests by path in addition to or instead of proxying by MIME type. Proxying by path takes precedence over proxying by MIME type. To configure proxying requests by path, see step 6. )
For example, the following IfModule block for a non-clustered WebLogic Server specifies that all files with MIME type .jsp are proxied:
```
<IfModule mod_weblogic.c>
  WebLogicHost myweblogic.server.com
  WebLogicPort 7001
  MatchExpression *.jsp
</IfModule>
```
You can also use multiple MatchExpressions, for example:
```
<IfModule mod_weblogic.c>
  WebLogicHost myweblogic.server.com
  WebLogicPort 7001
  MatchExpression *.jsp
  MatchExpression *.xyz
</IfModule>
```
If you are proxying requests by MIME type to a cluster of WebLogic Servers, use the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort parameters. For example:
```
<IfModule mod_weblogic.c>
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  MatchExpression *.jsp
  MatchExpression *.xyz
</IfModule>
```
If you want to proxy requests by path, use the Location block and the SetHandler statement. SetHandler specifies the handler for the Apache HTTP Server Plug-In module. For example the following Location block proxies all requests containing /weblogic in the URL:
```
<Location /weblogic>
  SetHandler weblogic-handler
</Location>
```
Define any additional parameters for the Apache HTTP Server Plug-In.
The Apache HTTP Server Plug-In recognizes the parameters listed in General Parameters for Web Server Plug-Ins. To modify the behavior of your Apache HTTP Server Plug-In, define these parameters either:
- In a Location block, for parameters that apply to proxying by path, or
- In an IfModule block, for parameters that apply to proxying by MIME type.

Alternative Procedure for Editing the httpd.conf File

As an alternative to the procedure in Editing the httpd.conf File you can define parameters in a separate file called weblogic.conf file that is included in the IfModule block. Using this included file may help modularize your configuration. For example:

<IfModule mod_weblogic.c>
  # Config file for WebLogic Server that defines the parameters
  Include conf/weblogic.conf 
</IfModule>

Note: Defining parameters in an included file is not supported when using SSL between Apache HTTP Server Plug-In and WebLogic Server.

Enter each parameter on a new line. Do not put an `=' between the parameter and its value. For example:

PARAM_1 value1
PARAM_2 value2
PARAM_3 value3

If a request matches both a MIME type specified in a MatchExpression in an IfModule block and a path specified in a Location block, the behavior specified by the Location block takes precedence.
If you define the CookieName parameter, you must define it in an IfModule block.
If you use the <files> block in addition to the <location> block to match requests and you are using Stronghold SSL with virtual hosting, MatchExpression is ignored and the rules defined in the <files> and <location> blocks are applied to the request. If you are not using Stronghold, rules in the <location> block overrule those in a <files> block.
If you use the <VirtualHost> block, you must place all the configuration parameters (MatchExpression, for example) for each virtual host within its <VirtualHost> block.
BEA recommends that you use the MatchExpression statement instead of the <files> block.

Template for the Apache HTTP Server httpd.conf File

This section contains a sample httpd.conf file. You can use this sample as a template that you can modify to suit your environment and server. Lines beginning with # are comments. Note that Apache HTTP Server is not case sensitive, and that the LoadModule and AddModule lines are automatically added by the apxs utility.

####################################################

APACHE-HOME/conf/httpd.conf file
####################################################

LoadModule weblogic_module   libexec/mod_wl.so

AddModule mod_weblogic.c

<Location /weblogic>
  SetHandler weblogic-handler
  PathTrim /weblogic 
  ErrorPage http://myerrorpage1.mydomain.com
</Location>

<Location /servletimages>
  SetHandler weblogic-handler
  PathTrim /something
  ErrorPage http://myerrorpage1.mydomain.com
</Location>

<IfModule mod_weblogic.c>
  MatchExpression *.jsp
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  ErrorPage http://myerrorpage.mydomain.com
</IfModule>

Sample httpd.conf Configuration Files

Instead of defining parameters in the location block of your httpd.conf file, if you prefer, you can use a weblogic.conf file that is loaded by the IfModule in the httpd.conf file. The following examples may be used as templates that you can modify to suit your environment and server. Lines beginning with # are comments.

Example Using WebLogic Clusters

# These parameters are common for all URLs which are 
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks. (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)

<IfModule mod_weblogic.c>
  WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
  ErrorPage http://myerrorpage.mydomain.com
  MatchExpression *.jsp
</IfModule>
####################################################

Example Using Multiple WebLogic Clusters

# These parameters are common for all URLs which are 
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)

<IfModule mod_weblogic.c>
  MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
  MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
    http://www.xyz.com/error.html
</IfModule>

Example Without WebLogic Clusters

# These parameters are common for all URLs which are 
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)

<IfModule mod_weblogic.c>
  WebLogicHost myweblogic.server.com
  WebLogicPort 7001
  MatchExpression *.jsp
</IfModule>

Example Configuring IP-Based Virtual Hosting

NameVirtualHost 172.17.8.1
<VirtualHost goldengate.domain1.com>
WebLogicCluster tehama1:4736,tehama2:4736,tehama:4736
PathTrim /x1
ConnectTimeoutSecs 30
</VirtualHost> 
<VirtualHost goldengate.domain2.com> 
WeblogicCluster green1:4736,green2:4736,green3:4736      
PathTrim /y1
ConnectTimeoutSecs 20 
</VirtualHost>

Example Configuring Name-Based Virtual Hosting With a Single IP Address

<VirtualHost 162.99.55.208>
        ServerName myserver.mydomain.com
         <Location / > 
               SetHandler weblogic-handler
               WebLogicCluster 162.99.55.71:7001,162.99.55.72:7001
               Idempotent ON
               Debug ON
               DebugConfigInfo ON
        </Location>
</VirtualHost>

<VirtualHost 162.99.55.208> 
        ServerName myserver.mydomain.com
       <Location / >
                SetHandler weblogic-handler
                WebLogicHost russell
                WebLogicPort 7001
                Debug ON
                DebugConfigInfo ON
        </Location>
</VirtualHost>

Using SSL with the Apache Plug-In

You can use the Secure Sockets Layer (SSL) protocol to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server. The SSL protocol provides confidentiality and integrity to the data passed between the Apache HTTP Server Plug-In and WebLogic Server. In addition, the SSL protocol allows the plug-in to authenticate itself to WebLogic Server to ensure that information is passed to a trusted principal.

The Apache HTTP Server Plug-In does not use the transport protocol (http or https) specified in the HTTP request (usually by the browser) to determine whether or not the SSL protocol is used to protect the connection between the Apache HTTP Server Plug-In and WebLogic Server.

Although two-way SSL can be used between the HTTP client and Apache HTTP server, note that one-way SSL is used between Apache HTTP Server and WebLogic Server.

Implementing two-way SSL between Apache and the HTTP Client:

Configure Apache HTTP Server to request a client certificate. The certificate is stored as one of the following request attributes:
- javax.net.ssl.peer_certificates
returns a weblogic.security.X509Certificate certificate
- java.security.cert.X509Certificate
returns a java.security.cert.X509 certificate
Access the certificate by reading the request attribute, for example:
```
request.getAttribute("javax.net.ssl.peer_certificates");
```
In WebLogic Server, authenticate the user with the weblogic.security.acl.certAuthenticator.authenticate() method.

Configuring SSL Between the Apache HTTP Server Plug-In and WebLogic Server

To use the SSL protocol between Apache HTTP Server Plug-In and WebLogic Server:

Configure WebLogic Server for SSL. For more information, see Configuring the SSL Protocol.
Configure the WebLogic Server SSL listen port. For more information, see Configuring the SSL Protocol.
In the Apache Server, set the WebLogicPort parameter in the httpd.conf file to the listen port configured in step 2.
In the Apache Server, set the SecureProxy parameter in the httpd.conf file to ON.
Set any additional parameters in the httpd.conf file that define information about the SSL connection. For a complete list of parameters, see SSL Parameters for Web Server Plug-Ins

Issues with SSL-Apache Configuration

Two known issues arise when you configure the Apache plug-in to use SSL:

The PathTrim parameter must be configured inside the <Location> tag.

The following configuration is incorrect:

<Location /weblogic>
 SetHandler weblogic-handler 
</Location>

<IfModule mod_weblogic.c>
 WebLogicHost localhost
 WebLogicPort 7001
 PathTrim /weblogic
</IfModule>

The following configuration is the correct setup: <Location /weblogic> SetHandler weblogic-handler PathTrim /weblogic </Location>

The Include directive does not work with Apache SSL. You must configure all parameters directly in the httpd.conf file. Do not use the following configuration when using SSL:

<IfModule mod_weblogic.c>
  MatchExpression *.jsp 
  Include weblogic.conf 
</IfModule>

Connection Errors and Clustering Failover

When the Apache HTTP Server Plug-In attempts to connect to WebLogic Server, the plug-in uses several configuration parameters to determine how long to wait for connections to the WebLogic Server host and, after a connection is established, how long the plug-in waits for a response. If the plug-in cannot connect or does not receive a response, the plug-in attempts to connect and send the request to other WebLogic Server instances in the cluster. If the connection fails or there is no response from any WebLogic Server in the cluster, an error message is sent.

Figure 2-1 demonstrates how the plug-in handles failover.

Possible Causes of Connection Failures

Failure of the WebLogic Server host to respond to a connection request could indicate possible problems with the host machine, networking problems, or other server failures.

Failure of all WebLogic Server instances to respond, could indicate that WebLogic Server is not running or is unavailable, a hung server, a database problem, or other application failure.

Failover with a Single, Non-Clustered WebLogic Server

If you are running only a single WebLogic Server instance the plug-in only attempts to connect to the server defined with the WebLogicHost parameter. If the attempt fails, an HTTP 503 error message is returned. The plug-in continues trying to connect to that same WebLogic Server instance until ConnectTimeoutSecs is exceeded.

The Dynamic Server List

When you specify a list of WebLogic Servers in the WebLogicCluster parameter, the plug-in uses that list as a starting point for load balancing among the members of the cluster. After the first request is routed to one of these servers, a dynamic server list is returned containing an updated list of servers in the cluster. The updated list adds any new servers in the cluster and deletes any that are no longer part of the cluster or that have failed to respond to requests. This list is updated automatically with the HTTP response when a change in the cluster occurs.

Failover, Cookies, and HTTP Sessions

When a request contains a session information stored in a cookie, in the POST data, or by URL encoding, the session ID contains a reference to the specific server instance in which the session was originally established (called the primary server) and a reference to an additional server where the original session is replicated (called the secondary server). A request containing a cookie attempts to connect to the primary server. If that attempt fails, the request is routed to the secondary server. If both the primary and secondary servers fail, the session is lost and the plug-in attempts to make a fresh connection to another server in the dynamic cluster list. For more information, see Figure 2-1 Connection Failover.

Note: If the POST data is larger than 64K, the plug-in will not parse the POST data to obtain the session ID. Therefore, if you store the session ID in the POST data, the plug-in cannot route the request to the correct primary or secondary server, resulting in possible loss of session data.

Figure 2-1 Connection Failover

*The Maximum number of retries allowed in the red loop is equal to
ConnectTimeoutSecs ÷ ConnectRetrySecs.